kevaundray

Yep, the readme list. For the program, I haven’t looked around, so I am not sure how hard it would be to in-cooperate the fact that squaring is usually cheaper...

Yep, I mean to use a weighting. For example, setting the weighting of a squaring operation to be 0.85 the weighting of a multiplication operation. One possible drawback, if it...

I think the dependency between variables is a good one, it would be interesting to see to what extent this heuristic speeds up SIMD implementations, if at all. On 23...

> Would you mind updating the README to show that support for 448 is now in the default resolver? That should help users see that `snow` finally supports the protocol's...

Hey Jake, No problem at all. The Montgomery curve arithmetic which X448 relies on was copied from the Dalek-cryptography crate and modified for Curve448. In that regard, I’m quite confident...

Yep, that sounds completely reasonable!

Yep checking the point is in the odd prime order subgroup `r` would avoid these exceptional points. This check can be quite expensive however, another technique is to use a...

> I checked the paper Section 6, page 11, https://eprint.iacr.org/2008/013.pdf, it said "if a is a square in k and d is a nonsquare in k." > > Should the...

I think that's a good idea. So you would have a standard encoding that arkworks uses to encode points with, using CanonicalSerialize.Then a way to implement a different, maybe niche,...

The Aztec backend is a bit more difficult to pull out, I believe the structure is incorrect for the acvm as it directly references the specific backends, instead the backends...